-+##
-+## Allow colord domain to connect to the network using TCP.
-+##
-+##
-+gen_tunable(colord_can_network_connect, false)
-+
- type colord_t;
- type colord_exec_t;
- dbus_system_domain(colord_t, colord_exec_t)
-@@ -23,9 +30,11 @@ files_type(colord_var_lib_t)
+@@ -23,9 +23,11 @@ files_type(colord_var_lib_t)
# colord local policy
#
allow colord_t self:capability { dac_read_search dac_override };
@@ -31314,7 +31320,7 @@ index 74505cc..2f9b1bc 100644
allow colord_t self:udp_socket create_socket_perms;
allow colord_t self:unix_dgram_socket create_socket_perms;
-@@ -41,8 +50,14 @@ manage_dirs_pattern(colord_t, colord_var_lib_t, colord_var_lib_t)
+@@ -41,8 +43,14 @@ manage_dirs_pattern(colord_t, colord_var_lib_t, colord_var_lib_t)
manage_files_pattern(colord_t, colord_var_lib_t, colord_var_lib_t)
files_var_lib_filetrans(colord_t, colord_var_lib_t, { file dir })
@@ -31330,7 +31336,7 @@ index 74505cc..2f9b1bc 100644
corenet_all_recvfrom_unlabeled(colord_t)
corenet_all_recvfrom_netlabel(colord_t)
-@@ -50,6 +65,8 @@ corenet_udp_bind_generic_node(colord_t)
+@@ -50,6 +58,8 @@ corenet_udp_bind_generic_node(colord_t)
corenet_udp_bind_ipp_port(colord_t)
corenet_tcp_connect_ipp_port(colord_t)
@@ -31339,7 +31345,7 @@ index 74505cc..2f9b1bc 100644
dev_read_video_dev(colord_t)
dev_write_video_dev(colord_t)
dev_rw_printer(colord_t)
-@@ -65,19 +82,37 @@ files_list_mnt(colord_t)
+@@ -65,19 +75,33 @@ files_list_mnt(colord_t)
files_read_etc_files(colord_t)
files_read_usr_files(colord_t)
@@ -31363,10 +31369,6 @@ index 74505cc..2f9b1bc 100644
+userdom_rw_user_tmpfs_files(colord_t)
+
+userdom_home_reader(colord_t)
-+
-+tunable_policy(`colord_can_network_connect',`
-+ corenet_tcp_connect_all_ports(colord_t)
-+')
tunable_policy(`use_nfs_home_dirs',`
+ fs_getattr_nfs(colord_t)
@@ -31378,7 +31380,7 @@ index 74505cc..2f9b1bc 100644
fs_read_cifs_files(colord_t)
')
-@@ -89,6 +124,12 @@ optional_policy(`
+@@ -89,6 +113,12 @@ optional_policy(`
')
optional_policy(`
@@ -31391,7 +31393,7 @@ index 74505cc..2f9b1bc 100644
policykit_dbus_chat(colord_t)
policykit_domtrans_auth(colord_t)
policykit_read_lib(colord_t)
-@@ -96,5 +137,16 @@ optional_policy(`
+@@ -96,5 +126,16 @@ optional_policy(`
')
optional_policy(`
@@ -32485,7 +32487,7 @@ index 35241ed..7a0913c 100644
+ manage_files_pattern($1, system_cronjob_var_lib_t, system_cronjob_var_lib_t)
')
diff --git a/policy/modules/services/cron.te b/policy/modules/services/cron.te
-index f7583ab..230cbb2 100644
+index f7583ab..a4d25d9 100644
--- a/policy/modules/services/cron.te
+++ b/policy/modules/services/cron.te
@@ -10,18 +10,18 @@ gen_require(`
@@ -32878,7 +32880,18 @@ index f7583ab..230cbb2 100644
')
optional_policy(`
-@@ -480,7 +582,7 @@ optional_policy(`
+@@ -472,6 +574,10 @@ optional_policy(`
+ ')
+
+ optional_policy(`
++ networkmanager_dbus_chat(system_cronjob_t)
++')
++
++optional_policy(`
+ postfix_read_config(system_cronjob_t)
+ ')
+
+@@ -480,7 +586,7 @@ optional_policy(`
prelink_manage_lib(system_cronjob_t)
prelink_manage_log(system_cronjob_t)
prelink_read_cache(system_cronjob_t)
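Review bot: The added `networkmanager_dbus_chat(system_cronjob_t)` block in cron.te has no comment saying which cron job needs to exchange D-Bus messages with NetworkManager, and the grant covers every job that runs as system_cronjob_t. A comment above the call such as `# <job name> talks to NetworkManager over D-Bus` (the job name is a placeholder, since the patch does not state it) would let a later audit decide whether the permission is still required. The optional_policy run this block sits in begins and ends outside the hunk.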
@@ -32887,7 +32900,7 @@ index f7583ab..230cbb2 100644
')
optional_policy(`
-@@ -495,6 +597,7 @@ optional_policy(`
+@@ -495,6 +601,7 @@ optional_policy(`
optional_policy(`
spamassassin_manage_lib_files(system_cronjob_t)
@@ -32895,7 +32908,7 @@ index f7583ab..230cbb2 100644
')
optional_policy(`
-@@ -502,7 +605,13 @@ optional_policy(`
+@@ -502,7 +609,13 @@ optional_policy(`
')
optional_policy(`
@@ -32909,7 +32922,7 @@ index f7583ab..230cbb2 100644
userdom_user_home_dir_filetrans_user_home_content(system_cronjob_t, { dir file lnk_file fifo_file sock_file })
')
-@@ -595,9 +704,12 @@ userdom_manage_user_home_content_sockets(cronjob_t)
+@@ -595,9 +708,12 @@ userdom_manage_user_home_content_sockets(cronjob_t)
#userdom_user_home_dir_filetrans_user_home_content(cronjob_t, notdevfile_class_set)
list_dirs_pattern(crond_t, user_cron_spool_t, user_cron_spool_t)
@@ -36655,7 +36668,7 @@ index e1d7dc5..0557be0 100644
admin_pattern($1, dovecot_var_run_t)
diff --git a/policy/modules/services/dovecot.te b/policy/modules/services/dovecot.te
-index acf6d4f..194f170 100644
+index acf6d4f..47969fe 100644
--- a/policy/modules/services/dovecot.te
+++ b/policy/modules/services/dovecot.te
@@ -18,7 +18,7 @@ type dovecot_auth_tmp_t;
@@ -36709,7 +36722,7 @@ index acf6d4f..194f170 100644
files_search_etc(dovecot_t)
can_exec(dovecot_t, dovecot_exec_t)
-@@ -94,10 +99,11 @@ manage_dirs_pattern(dovecot_t, dovecot_spool_t, dovecot_spool_t)
+@@ -94,10 +99,12 @@ manage_dirs_pattern(dovecot_t, dovecot_spool_t, dovecot_spool_t)
manage_files_pattern(dovecot_t, dovecot_spool_t, dovecot_spool_t)
manage_lnk_files_pattern(dovecot_t, dovecot_spool_t, dovecot_spool_t)
@@ -36718,11 +36731,12 @@ index acf6d4f..194f170 100644
manage_lnk_files_pattern(dovecot_t, dovecot_var_run_t, dovecot_var_run_t)
manage_sock_files_pattern(dovecot_t, dovecot_var_run_t, dovecot_var_run_t)
-files_pid_filetrans(dovecot_t, dovecot_var_run_t, file)
-+files_pid_filetrans(dovecot_t, dovecot_var_run_t, { dir file })
++manage_fifo_files_pattern(dovecot_t, dovecot_var_run_t, dovecot_var_run_t)
++files_pid_filetrans(dovecot_t, dovecot_var_run_t, { dir file fifo_file })
kernel_read_kernel_sysctls(dovecot_t)
kernel_read_system_state(dovecot_t)
-@@ -110,6 +116,7 @@ corenet_tcp_sendrecv_all_ports(dovecot_t)
+@@ -110,6 +117,7 @@ corenet_tcp_sendrecv_all_ports(dovecot_t)
corenet_tcp_bind_generic_node(dovecot_t)
corenet_tcp_bind_mail_port(dovecot_t)
corenet_tcp_bind_pop_port(dovecot_t)
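Review bot: The widened `files_pid_filetrans(dovecot_t, dovecot_var_run_t, { dir file fifo_file })` now lists fifo_file but not sock_file, although `manage_sock_files_pattern` for the same type sits two lines above, so the two object classes are handled differently when created directly in the pid directory. If that is intentional (for example because sockets are only created inside a directory already labelled dovecot_var_run_t), a comment such as `# FIFOs are created directly in the pid dir; sockets live under the dovecot run dir` would record it; this is inferred, as the hunk does not show where either object is created. Naming the dovecot component that creates the FIFO would also help a reviewer confirm that the `manage_fifo_files_pattern` grant is needed rather than a read/write-only one.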
@@ -36730,7 +36744,7 @@ index acf6d4f..194f170 100644
corenet_tcp_bind_sieve_port(dovecot_t)
corenet_tcp_connect_all_ports(dovecot_t)
corenet_tcp_connect_postgresql_port(dovecot_t)
-@@ -135,6 +142,7 @@ files_dontaudit_list_default(dovecot_t)
+@@ -135,6 +143,7 @@ files_dontaudit_list_default(dovecot_t)
# Dovecot now has quota support and it uses getmntent() to find the mountpoints.
files_read_etc_runtime_files(dovecot_t)
files_search_all_mountpoints(dovecot_t)
@@ -36738,7 +36752,7 @@ index acf6d4f..194f170 100644
init_getattr_utmp(dovecot_t)
-@@ -145,6 +153,7 @@ logging_send_syslog_msg(dovecot_t)
+@@ -145,6 +154,7 @@ logging_send_syslog_msg(dovecot_t)
miscfiles_read_generic_certs(dovecot_t)
miscfiles_read_localization(dovecot_t)
@@ -36746,7 +36760,7 @@ index acf6d4f..194f170 100644
userdom_dontaudit_use_unpriv_user_fds(dovecot_t)
userdom_manage_user_home_content_dirs(dovecot_t)
userdom_manage_user_home_content_files(dovecot_t)
-@@ -160,6 +169,15 @@ optional_policy(`
+@@ -160,6 +170,15 @@ optional_policy(`
')
optional_policy(`
@@ -36762,7 +36776,7 @@ index acf6d4f..194f170 100644
postgresql_stream_connect(dovecot_t)
')
-@@ -180,8 +198,8 @@ optional_policy(`
+@@ -180,8 +199,8 @@ optional_policy(`
# dovecot auth local policy
#
@@ -36773,7 +36787,7 @@ index acf6d4f..194f170 100644
allow dovecot_auth_t self:fifo_file rw_fifo_file_perms;
allow dovecot_auth_t self:unix_dgram_socket create_socket_perms;
allow dovecot_auth_t self:unix_stream_socket create_stream_socket_perms;
-@@ -190,6 +208,9 @@ allow dovecot_auth_t dovecot_t:unix_stream_socket { connectto rw_stream_socket_p
+@@ -190,6 +209,9 @@ allow dovecot_auth_t dovecot_t:unix_stream_socket { connectto rw_stream_socket_p
read_files_pattern(dovecot_auth_t, dovecot_passwd_t, dovecot_passwd_t)
@@ -36783,7 +36797,7 @@ index acf6d4f..194f170 100644
manage_dirs_pattern(dovecot_auth_t, dovecot_auth_tmp_t, dovecot_auth_tmp_t)
manage_files_pattern(dovecot_auth_t, dovecot_auth_tmp_t, dovecot_auth_tmp_t)
files_tmp_filetrans(dovecot_auth_t, dovecot_auth_tmp_t, { file dir })
-@@ -201,9 +222,12 @@ dovecot_stream_connect_auth(dovecot_auth_t)
+@@ -201,9 +223,12 @@ dovecot_stream_connect_auth(dovecot_auth_t)
kernel_read_all_sysctls(dovecot_auth_t)
kernel_read_system_state(dovecot_auth_t)
@@ -36796,7 +36810,7 @@ index acf6d4f..194f170 100644
dev_read_urand(dovecot_auth_t)
auth_domtrans_chk_passwd(dovecot_auth_t)
-@@ -216,7 +240,8 @@ files_read_usr_files(dovecot_auth_t)
+@@ -216,7 +241,8 @@ files_read_usr_files(dovecot_auth_t)
files_read_usr_symlinks(dovecot_auth_t)
files_read_var_lib_files(dovecot_auth_t)
files_search_tmp(dovecot_auth_t)
@@ -36806,7 +36820,7 @@ index acf6d4f..194f170 100644
init_rw_utmp(dovecot_auth_t)
-@@ -236,6 +261,8 @@ optional_policy(`
+@@ -236,6 +262,8 @@ optional_policy(`
optional_policy(`
mysql_search_db(dovecot_auth_t)
mysql_stream_connect(dovecot_auth_t)
@@ -36815,7 +36829,7 @@ index acf6d4f..194f170 100644
')
optional_policy(`
-@@ -243,6 +270,8 @@ optional_policy(`
+@@ -243,6 +271,8 @@ optional_policy(`
')
optional_policy(`
@@ -36824,7 +36838,7 @@ index acf6d4f..194f170 100644
postfix_search_spool(dovecot_auth_t)
')
-@@ -250,23 +279,42 @@ optional_policy(`
+@@ -250,23 +280,42 @@ optional_policy(`
#
# dovecot deliver local policy
#
@@ -36869,7 +36883,7 @@ index acf6d4f..194f170 100644
miscfiles_read_localization(dovecot_deliver_t)
-@@ -283,24 +331,22 @@ userdom_manage_user_home_content_pipes(dovecot_deliver_t)
+@@ -283,24 +332,22 @@ userdom_manage_user_home_content_pipes(dovecot_deliver_t)
userdom_manage_user_home_content_sockets(dovecot_deliver_t)
userdom_user_home_dir_filetrans_user_home_content(dovecot_deliver_t, { dir file lnk_file fifo_file sock_file })
@@ -53252,7 +53266,7 @@ index 2855a44..58bb459 100644
+ allow $1 puppet_var_run_t:dir search_dir_perms;
+')
diff --git a/policy/modules/services/puppet.te b/policy/modules/services/puppet.te
-index 64c5f95..fa3c113 100644
+index 64c5f95..39d23dc 100644
--- a/policy/modules/services/puppet.te
+++ b/policy/modules/services/puppet.te
@@ -6,12 +6,19 @@ policy_module(puppet, 1.0.0)
@@ -53376,7 +53390,7 @@ index 64c5f95..fa3c113 100644
files_rw_var_files(puppet_t)
rpm_domtrans(puppet_t)
-@@ -156,13 +188,68 @@ optional_policy(`
+@@ -156,13 +188,136 @@ optional_policy(`
')
optional_policy(`
@@ -53387,8 +53401,77 @@ index 64c5f95..fa3c113 100644
+ usermanage_access_check_useradd(puppet_t)
+')
+
-+########################################
-+#
++optional_policy(`
++ auth_filetrans_named_content(puppet_t)
++')
++
++optional_policy(`
++ alsa_filetrans_named_content(puppet_t)
++')
++
++optional_policy(`
++ bootloader_filetrans_config(puppet_t)
++')
++
++optional_policy(`
++ devicekit_filetrans_named_content(puppet_t)
++')
++
++optional_policy(`
++ dnsmasq_filetrans_named_content(puppet_t)
++')
++
++optional_policy(`
++ kerberos_filetrans_named_content(puppet_t)
++')
++
++optional_policy(`
++ libs_filetrans_named_content(puppet_t)
++')
++
++optional_policy(`
++ miscfiles_filetrans_named_content(puppet_t)
++')
++
++optional_policy(`
++ mta_filetrans_named_content(puppet_t)
++')
++
++optional_policy(`
++ modules_filetrans_named_content(puppet_t)
++')
++
++optional_policy(`
++ networkmanager_filetrans_named_content(puppet_t)
++')
++
++optional_policy(`
++ nx_filetrans_named_content(puppet_t)
++')
++
++optional_policy(`
++ postfix_filetrans_named_content(puppet_t)
++')
++
++optional_policy(`
++ quota_filetrans_named_content(puppet_t)
++')
++
++optional_policy(`
++ sysnet_filetrans_named_content(puppet_t)
++')
++
++optional_policy(`
++ virt_filetrans_home_content(puppet_t)
++')
++
++optional_policy(`
++ ssh_filetrans_admin_home_content(puppet_t)
+ ')
+
+ ########################################
+ #
+-# Pupper master personal policy
+# PuppetCA personal policy
+#
+
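Review bot: The seventeen added filetrans blocks for puppet_t (from `auth_filetrans_named_content` through `ssh_filetrans_admin_home_content`) arrive without any comment, so a reader cannot tell why the puppet agent needs named type transitions for so many unrelated modules. A short header before the first block, for instance `# puppet writes files owned by other modules; named transitions give them the right label at creation`, would document the intent; that wording is presumed from the interface names and should be confirmed. It would also be worth stating that each call is kept in its own optional_policy so one absent module does not disable the rest. `auth_use_nsswitch(puppetmaster_t)` is called unconditionally elsewhere in this file, which suggests the optional wrapper around the auth call may be unnecessary.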
@@ -53439,16 +53522,15 @@ index 64c5f95..fa3c113 100644
+ usermanage_access_check_groupadd(puppet_t)
+ usermanage_access_check_passwd(puppet_t)
+ usermanage_access_check_useradd(puppet_t)
- ')
-
- ########################################
- #
--# Pupper master personal policy
++')
++
++########################################
++#
+# Puppet master personal policy
#
allow puppetmaster_t self:capability { dac_read_search dac_override setuid setgid fowner chown fsetid sys_tty_config };
-@@ -171,29 +258,36 @@ allow puppetmaster_t self:fifo_file rw_fifo_file_perms;
+@@ -171,29 +326,36 @@ allow puppetmaster_t self:fifo_file rw_fifo_file_perms;
allow puppetmaster_t self:netlink_route_socket create_netlink_socket_perms;
allow puppetmaster_t self:socket create;
allow puppetmaster_t self:tcp_socket create_stream_socket_perms;
@@ -53488,7 +53570,7 @@ index 64c5f95..fa3c113 100644
corecmd_exec_bin(puppetmaster_t)
corecmd_exec_shell(puppetmaster_t)
-@@ -206,21 +300,46 @@ corenet_tcp_bind_generic_node(puppetmaster_t)
+@@ -206,21 +368,46 @@ corenet_tcp_bind_generic_node(puppetmaster_t)
corenet_tcp_bind_puppet_port(puppetmaster_t)
corenet_sendrecv_puppet_server_packets(puppetmaster_t)
@@ -53502,11 +53584,11 @@ index 64c5f95..fa3c113 100644
domain_read_all_domains_state(puppetmaster_t)
+domain_obj_id_change_exemption(puppetmaster_t)
-+
-+files_read_usr_files(puppetmaster_t)
-files_read_etc_files(puppetmaster_t)
-files_search_var_lib(puppetmaster_t)
++files_read_usr_files(puppetmaster_t)
++
+selinux_validate_context(puppetmaster_t)
+
+auth_use_nsswitch(puppetmaster_t)
@@ -53538,7 +53620,7 @@ index 64c5f95..fa3c113 100644
optional_policy(`
hostname_exec(puppetmaster_t)
')
-@@ -231,3 +350,9 @@ optional_policy(`
+@@ -231,3 +418,9 @@ optional_policy(`
rpm_exec(puppetmaster_t)
rpm_read_db(puppetmaster_t)
')
@@ -59443,7 +59525,7 @@ index 623c8fa..0a802f7 100644
/var/run/snmpd(/.*)? gen_context(system_u:object_r:snmpd_var_run_t,s0)
/var/run/snmpd\.pid -- gen_context(system_u:object_r:snmpd_var_run_t,s0)
diff --git a/policy/modules/services/snmp.if b/policy/modules/services/snmp.if
-index 275f9fb..ad10bef 100644
+index 275f9fb..f1343b7 100644
--- a/policy/modules/services/snmp.if
+++ b/policy/modules/services/snmp.if
@@ -11,12 +11,12 @@
@@ -59463,7 +59545,7 @@ index 275f9fb..ad10bef 100644
')
########################################
-@@ -62,6 +62,7 @@ interface(`snmp_read_snmp_var_lib_files',`
+@@ -62,11 +62,70 @@ interface(`snmp_read_snmp_var_lib_files',`
type snmpd_var_lib_t;
')
@@ -59471,10 +59553,29 @@ index 275f9fb..ad10bef 100644
allow $1 snmpd_var_lib_t:dir list_dir_perms;
read_files_pattern($1, snmpd_var_lib_t, snmpd_var_lib_t)
read_lnk_files_pattern($1, snmpd_var_lib_t, snmpd_var_lib_t)
-@@ -69,6 +70,45 @@ interface(`snmp_read_snmp_var_lib_files',`
+ ')
- ########################################
- ##